The Morning Risk Report: Awareness Grows but Action Still Lags on Cybersecurity

Awareness of cybersecurity and the risks of having poor or no security is on the rise but many companies still haven’t taken action, as a survey shows 44% of the 9,500 executives who were asked said their organization doesn’t have an overall information security strategy. Fifty-four percent said they don’t have an incident-response process, according to the Global State of Information Security survey of chief executives, finance chiefs, chief information officers, chief security officers, vice presidents and directors of IT and security practices in 122 countries put out by PwC and the publications CIO and CSO. “Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable,” said Sean Joyce, PwC’s U.S. cybersecurity and privacy leader, in the report.

The biggest fear of a cyberattack is disruption to operations and manufacturing (40%), followed by lost or compromised data (39%), degrading of product quality (32%), damage to physical property (29%) and harm to human life (22%). The survey found 44% of respondents said their boards are active participants in their company’s overall cybersecurity strategy. “Many boards still see it as an IT problem,” said Matt Olsen, co-founder and president of business development and strategy at IronNet Cybersecurity and the former head of the U.S. National Cybersecurity Center, in the report. The report said it’s imperative for senior leaders to “take ownership of building cyber resilience,” saying a top-down strategy to manage cyber and privacy risks is vital.

The report urges companies to look deeper to discover potential risks, given the speed with which new technologies keep coming to market. It asked respondents which unit has responsibility for Internet of Things security: 29% said the chief information security officer, 20% said engineering staff, 17% said the chief risk officer. Just over half (52%) said they have a CISO on staff, 45% said they have a CIO and 47% said they have dedicated security staff. Half said their organization conducts background checks, with fewer than that saying they do penetration tests, threat assessments and/or active monitoring of information security. Fifty-eight percent said they formally work with others in their industry to improve security. “Industry and government leaders must work across organizational, sectoral, and national borders to identify, map, and test cyberdependency and interconnectivity risks as well as surge resilience and risk-management,” stated the report.

Argentina courts banks to share intelligence. Argentina’s Financial Intelligence Unit is seeking to shake off a legacy of mistrust and engage private institutions to help in the fight against money laundering and terrorism financing, the WSJ reports. The man charged with building those bridges is Mariano Federici, a former senior counsel and anti-money laundering specialist at the International Monetary Fund.

COMPLIANCE

Senate clears hurdle for tax-code overhaul. Senate Republicans adopted a budget for the next fiscal year, clearing a critical hurdle in the GOP push to overhaul the tax code. The Senate’s late Thursday passage of the budget blueprint helps unlock a procedure that Republicans plan to use to rewrite the tax code with just GOP votes, the WSJ reports.

Trump makes picks for FTC. President Donald Trump announced nominees for two vacancies at the Federal Trade Commission, the WSJ reports. Mr. Trump said he intended to nominate private antitrust lawyer Joseph Simons as FTC chairman. The president will nominate Rohit Chopra, formerly of the Consumer Financial Protection Bureau, for another FTC vacancy.

Senators press for political-ad disclosure. Facebook, Google and other internet companies are under pressure to disclose who is buying online political ads. Senator John McCain and two Democratic senators moved Thursday to require the disclosure, the NYT reports. A new bill would require the companies to give the Federal Election Commission information about who is paying for ads.

DATA SECURITY

Pacemaker patch poses dilemma. A new software patch to fix a cybersecurity weakness in implanted heart devices has raised a question: Is the fix worth the risk? A software update by Abbott Laboratories is supposed to reduce the risk a pacemaker could be hacked. But Abbott has said the update itself carries a slight risk of causing a malfunction in the pacemakers.

GOVERNANCE

Equity awards to boards under scrutiny. Companies are reining in the type of stock awards offered to non-executive board members to avoid tying compensation to short-term gains in a bull market, the WSJ reports. Median annual pay rose to $245,000 from $205,000 over the last five fiscal years, according to a recent report by research firm Equilar Inc.

REPUTATION

Dean Foods ex-chairman gets prison term. A federal judge on Thursday sentenced Thomas C. Davis, the former chairman of Dean Foods Co., to two years in prison for engaging in a long-running insider trading scheme with legendary Las Vegas gambler William “Billy” Walters, the WSJ reports. Mr. Davis pleaded guilty last year.

RISK

Venezuela bars opposition governors from office. Venezuela’s government on Thursday banned opposition governors from taking office in five states, replacing them with ruling-party substitutes, after the opposition released evidence it said proves electoral fraud in a crucial industrial state, the WSJ reports.

Putin pushes back on media. Russian President Vladimir Putin weighed in on U.S. scrutiny of Russian news outlets RT and Sputnik, promising a “mirrored response” against U.S. media if those agencies are sanctioned. Russian officials have threatened measures against U.S. news organizations, after the government-funded channel RT said it had been asked by the Justice Department to register under a law used to regulate foreign lobbying in the U.S.